TY - GEN
T1 - Information security risk management planning of digital certificate management case study
T2 - 5th International Conference on Informatics and Computing, ICIC 2020
AU - Sensuse, Dana Indra
AU - Syahrizal, Andy
AU - Aditya, Faizan
AU - Nazri, Muhammad
N1 - Funding Information:
This publication is supported by the PUTI PROSIDING 2020 grant funded by Universitas Indonesia under contract number NKB879/UN2.RST/HKP.05.00/2020.
Publisher Copyright:
© 2020 IEEE.
Copyright:
Copyright 2021 Elsevier B.V., All rights reserved.
PY - 2020/11/3
Y1 - 2020/11/3
N2 - Otoritas Sertifikat Digital (OSD) is a certificate authority held by Balai Sertifikasi Elektronik (BSrE) of the Badan Siber dan Sandi Negara (BSSN). Digital certificate management is the primary business process of Otoritas Sertifikat Digital Layanan Universal (OSD LU); if it is interrupted, the OSD business process cannot run smoothly, which has an impact on the digital certification process. Given the problem of maintaining the reliability and security of the system, there is a need to classify, analyze, and handle these risks correctly to diminish the negative repercussions that may arise to an agreeable level. The main goal is to address the issues about risk management planning, particularly in the absence of an information security risk management plan within BSrE. We carried out the risk assessment process using the ISO 27005 framework combined with NIST SP 800-30 Revision 1 to assess the security risks. The results of the risk assessment are 27 identified assets, 26 risk scenarios that must be mitigated, and 38 risk scenarios acceptable to the organization. We hope this study can help BSrE analyze and maintain the security management plan within the OSD LU system, provide control recommendations as an effort to minimize information security risks in the data communication application within the business processes, and produce a strategic plan for handling and accepting risk, accompanied by a person in charge of the risk scenario.
AB - Otoritas Sertifikat Digital (OSD) is a certificate authority held by Balai Sertifikasi Elektronik (BSrE) of the Badan Siber dan Sandi Negara (BSSN). Digital certificate management is the primary business process of Otoritas Sertifikat Digital Layanan Universal (OSD LU); if it is interrupted, the OSD business process cannot run smoothly, which has an impact on the digital certification process. Given the problem of maintaining the reliability and security of the system, there is a need to classify, analyze, and handle these risks correctly to diminish the negative repercussions that may arise to an agreeable level. The main goal is to address the issues about risk management planning, particularly in the absence of an information security risk management plan within BSrE. We carried out the risk assessment process using the ISO 27005 framework combined with NIST SP 800-30 Revision 1 to assess the security risks. The results of the risk assessment are 27 identified assets, 26 risk scenarios that must be mitigated, and 38 risk scenarios acceptable to the organization. We hope this study can help BSrE analyze and maintain the security management plan within the OSD LU system, provide control recommendations as an effort to minimize information security risks in the data communication application within the business processes, and produce a strategic plan for handling and accepting risk, accompanied by a person in charge of the risk scenario.
KW - Digital certificate
KW - Information security
KW - Risk
KW - Risk management
KW - Risk management planning
UR - http://www.scopus.com/inward/record.url?scp=85099317619&partnerID=8YFLogxK
U2 - 10.1109/ICIC50835.2020.9288593
DO - 10.1109/ICIC50835.2020.9288593
M3 - Conference contribution
AN - SCOPUS:85099317619
T3 - 2020 5th International Conference on Informatics and Computing, ICIC 2020
BT - 2020 5th International Conference on Informatics and Computing, ICIC 2020
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 3 November 2020 through 4 November 2020
ER -